Myth #1: BCDR seems unnecessary for a business my size
This dangerous perception will likely leave you vulnerable to the growing threat of ransomware. This breed of malicious software, used by cybercriminals to prevent businesses from accessing their own data, is often aimed at small to medium-sized organizations simply because they are regarded as easy targets.
In 2020, healthcare organizations large and small were among the biggest targets for ransomware, both in the U.S. and Europe, because the sensitivity of private patient information made them particularly vulnerable. Globally, no organization or industry is immune.
By encrypting the contents of critical operational systems such as sales and payroll records and holding that data hostage, bad actors can threaten to put small and medium-sized business (SMBs) out of business. Even if your business pays the ransom (against the recommendation of law enforcement), you might not get your data back.
Ransomware is a big deal but far from the only threat. Consider what would happen if flood or fire wiped out your systems. What if a cloud service you depend on suffers an extended outage? Think through the worst-case scenarios, and you will find plenty of reasons to invest in BCDR.
Myth #2: Backup is good enough
Backup is a critical part of BCDR. But backup is centered on your data, while important, it is not the only element. Business Continuity broadens the scope and is centered on your people, and how they will be able to continue to function.
However, on its own, backup leaves businesses susceptible to costly downtime. Why? Because recovering large data sets (such as the contents of an entire server) can be time-consuming. Not to mention the time it takes to procure new hardware if primary systems become inoperable.
Meanwhile, productivity grinds to a halt, and revenue stops flowing.
That’s why businesses need a solution that enables fast restores in addition to a backup. For many organizations today, that means BCDR. BCDR solutions use backup, snapshot, virtualization, and the cloud to protect data and enable fast restores that will keep your business running without a hiccup.
A 2020 survey found that, on average, 70% of SMBs had servers protected by a backup solution of some sort but only 55% of servers were protected by a full BCDR solution. You don’t want to be the one leaving critical services exposed.
Myth #3: I don’t have to worry about BCDR because most of my data is in the cloud
While having data in the cloud can be useful in some BCDR scenarios (for example, allowing employees to log in to applications from home after the office burns down), don’t overestimate how much protection you are getting “for free” by using software as a service (SaaS) applications or cloud storage.
Both Microsoft and Google, the two major providers of cloud office productivity suites, explicitly specify that their services are offered under a “shared responsibility” model in which you bear much of the responsibility for data protection and data integrity. The same is true for Amazon Web Services.
That means cloud providers won’t necessarily help you recover a file that was accidentally deleted. Nor are you necessarily protected against ransomware or other hacks if your cloud credentials are compromised and are used to delete, encrypt, or corrupt data.
File sync and share tools aren’t a substitute for BCDR, either. Why? Because, when a cloud file sync and sharing service detects that a file has been deleted, it typically deletes all copies, local and remote, including older versions. If you ever need to get one of those files back, for example, for an audit, lawsuit, insider fraud, or security breach investigation, you could be out of luck.
Myth #4: All clouds are the same
Yes, all cloud providers deliver highly available server and storage infrastructure. But, that does not mean they are ideal for BCDR. Public cloud costs on Amazon Web Services, Microsoft Azure, and similar infrastructure can be unpredictable unless properly planned and managed.
Yes, you only pay for what you use, but that means costs spike at the worst possible time—when you mount and run a recovery virtual machine (VM). Additionally, cloud providers charge egress fees for moving data out of the cloud. Downloading a large data set from the cloud, as you must do to restore a server, can be costly. Some vendors will also surcharge you for testing the integrity of your disaster recovery configuration — even though such testing is an essential best practice for BCDR.
General purpose public clouds have different tiers for computing, storage, and security, which can add complexity. In other words, you might not be able to understand the final cost until you get the bill.
When you use a purpose-built BCDR solution, with all costs for backup and restoration bundled into a single monthly fee, you know exactly what you will pay. Cloud services also vary in their performance characteristics and how well they meet your security, data privacy, and compliance requirements. If a service provider promises you “cloud backup,” make sure you understand what cloud service is behind that promise and how far you can trust it.
Myth #5: All BCDR solutions offer equal protection against business risk
This simply isn’t true. All BCDR solutions are not created equal. Proper BCDR software enables:
- Restore capabilities that meet a variety of recovery scenarios
Recovery scenarios can range from restoring a few lost files to a complete server failure. So, look for solutions that address all those needs. In addition to VM failover, a BCDR solution should offer capabilities like file and folder restore, ransomware detection and rollback, server image export, and bare metal recovery.
Data immutability is another important consideration. Data immutability means that data is stored in a manner that it cannot be modified by external operations. It ensures that backups cannot be corrupted by ransomware or deleted in some other form of attack. Your solution should take advantage of the bandwidth and storage efficiencies gained from incremental backup but also ensure the integrity of the entire chain of backups for reliable data restoration.
Additionally, many BCDR products require multiple vendors to build a full solution. This can result in multiple points of failure and potential finger-pointing among vendors, so it takes longer to resolve issues. Choose a solution unified around a consistent architecture to avoid these issues.
If you want your business to be resilient, you need a BCDR plan grounded in reality. You can’t afford to be misled by myths and misconceptions, or a false sense of security. You need a strategic and technical partner who is committed to giving you the insight and direction you want to implement the BCDR plan you need.
Our dedicated team is committed to helping you plan and execute growth, and not break along the way.
Get in touch today to learn more. We’d love to answer your questions.